In seeking to protect the rights of copyright holders in their works shared online, the EU Directive on Copyright in the Digital Single Market presents a new liability mechanism for online content-sharing service providers.
IN DEPTH
On 26 March 2019, the European Parliament finally adopted the controversial new EU Directive on Copyright in the Digital Single Market (EU Directive), which the European Commission initially proposed on 14 September 2016, to further harmonise EU copyright law taking into account digital and cross-border use of protected content. Member states now have two years to implement the EU Directive into their national laws.
Below is a deeper dive into the debated Article 17 (former Article 13) on liability for online content-sharing service providers.
Aim of the EU Directive
The EU Directive states that online content-sharing service providers perform an act of communication to the public, or an act of making content available to the public, when they give the public access to copyright-protected works uploaded by their users. These service providers therefore must obtain an authorisation from the relevant rightholders, including via licensing agreements, according to the EU Directive.
The EU Directive aims to avoid and discontinue the availability of unauthorised works, and to help rightholders to receive appropriate and proportionate remuneration for the use of their works. The EU Directive also states that rightholders should be free to grant or refuse authorisation for the use of their works in respect of uploads by users.
The EU Directive has no impact on the protection of trademark rights.
Scope of Article 17
Article 2(6) defines “online content sharing service provider” as a provider of a service of which “the main or one of the main purposes is to store and give the public access to a large amount of copyright protected works”, such as videos, movies, songs, photographs and literary works, that are “uploaded by its users, which it organizes and promotes for profitmaking purposes”. The EU Directive thus is likely to cover YouTube, Facebook, Instagram, Snapchat, Dailymotion, Twitter and other similar platforms.
Service providers whose primary purpose is not enabling users to upload and share a large amount of copyright protected content are therefore not affected by the EU Directive. The EU Directive explicitly excludes from the definition of “online content-sharing service provider” the following:
- Nonprofit online encyclopedias (such as Wikipedia)
- Nonprofit educational and scientific repositories
- Open source software developing and sharing platforms
- Electronic communication service providers
- Online marketplaces (whose main activity is online retail)
- Business to business cloud services, and cloud services that allow users to upload content for their own use
Recital 63 states that the assessment of whether a content sharing service provider stores and gives access to a “large amount” of copyright protected content should be made on a case by case basis and should take account of a non exhaustive combination of elements, such as the audience of the service and the number of files of copyright protected content uploaded.
End of the Protective Liability Regime Specific to Hosting Providers
To date, content sharing service providers benefit from the limited liability regime established for hosting services by the e-Commerce Directive 2000/31/EC and have not been liable for the information they store if they do not have actual knowledge of the illegal nature of the information, and if they act expeditiously to remove such information upon notification.
Article 17 expressly states that the limitation of liability established for hosting providers shall not apply to content sharing service providers in relation to the situations covered by this article.
New Liability Mechanism in Case of Unlicensed Content
If no authorisation is granted, the EU Directive defines a liability mechanism for content sharing service providers that differs depending on three criteria:
- A popularity criteria (where the average number of monthly unique visitors exceeds 5 million, calculated on the basis of the previous year)
- A time criteria (where the services have been available to the public for three years or more)
- A turnover criteria (where the annual turnover is of EUR 10 million or more
This system responds to the concerns raised by medium-size enterprises and start ups.
Minimal Mechanism for Content Sharing Service Providers that Meet None of the Three Criteria
New content-sharing service providers (i) whose services have been made available to the public for less than three years, (ii) whose annual turnover is below EUR 10 million, and (iii) whose average number of monthly unique visitors does not exceed 5 million shall be liable if they do not demonstrate that:
- They have made their best efforts to obtain an authorisation from the rightholders.
- They acted expeditiously, upon notification, to disable access to the notified works or to remove them from their websites (notice and take down)
This merely corresponds to the current liability regime of hosting providers. The EU Directive adds one obligation of means: the providers must make their best efforts to obtain prior authorisation from rightholders.
Adjusted Mechanism for Content Sharing Service Providers that Do Not Meet the Time and Turnover Criteria, but Meet the Popularity Criteria
New content sharing service providers (i) whose services have been made available to the public for less than three years, and (ii) whose annual turnover is below EUR 10 million, but (iii) whose average number of monthly unique visitors does exceed 5 million, shall be liable if they do not demonstrate that:
- They have made their best efforts to obtain an authorisation from the rightholders.
- They acted expeditiously, upon notification, to disable access to the notified works or to remove them from their websites (notice and take down).
- They have made their best efforts to prevent further uploads of the notified works for which rightholders have provided the relevant and necessary information (notice and stay down)
Content sharing service providers that meet the popularity criteria likely will have to invest in fingerprinting technologies (software that generates a unique signature for digital content) to filter and block works for which the rightholders provide fingerprints.
Strict Mechanism for Content Sharing Service Providers that Meet the Time Criteria and/or the Turnover Criteria
New content sharing service providers (i) whose services have been made available to the public for three years or more, and/or (ii) whose annual turnover is of EUR 10 million or more, shall be liable if they do not demonstrate that:
- They have made their best efforts to obtain an authorisation from the rightholders.
- They have made, in accordance with the high industry standards of professional diligence, their best efforts to ensure the unavailability of specific works for which the rightholders have provided the relevant and necessary information.
- They acted expeditiously, upon notification, to disable access to the notified works or to remove them from their websites (notice and take down).
- They have made their best efforts to prevent further uploads of the notified works for which rightholders have provided the relevant and necessary information (notice and stay down).
When assessing whether a content-sharing service provider has made its best efforts “in accordance with the high industry standards of professional diligence” to ensure the unavailability of works, a number of factors should be taken into account, such as the type, audience and size of the services; the type of works; and the availability of suitable and effective means of identification and removal (such as filtering technologies) and their costs for service providers, in light of the principle of proportionality.
One example of content sharing service that will be governed by the strict mechanism is Google’s YouTube service. Google has already developed a digital fingerprinting system, named Content ID. It will be instructive to see whether the Content ID system will be found sufficient to satisfy these new requirements.
Effectiveness of Copyright Exceptions and Limitations
Article 17 shall not affect legitimate uses of copyright protected works by preventing users from uploading non infringing content. The steps taken by content sharing service providers shall not result in the blocking of lawful content covered by copyright exceptions or limitations (quotation, criticism, review, use for the purpose of caricature, parody or pastiche) that guarantee freedom of expression.
Complaint and Redress Mechanism
Content sharing service providers shall operate an effective and expeditious complaint and redress mechanism (judicial and out of court mechanism) allowing users to contest decisions to remove or disable access to their uploaded content. Such decisions shall be subject to human review.
Comments
While the EU Directive addresses the legal uncertainty regarding whether content-sharing service providers engage in copyright-relevant acts and need to obtain authorisation from rightholders for content uploaded by their users, a number of uncertainties remain. The assessment of certain criteria might vary from one Member State to another: for example, how to determine “the main or one of the main purposes” of a content sharing service provider, what is meant by “a large amount of copyright protected works”, what should be considered as “best efforts”, and how the “principle of proportionality” should be taken into account.
Several technical challenges will also have to be addressed, such as enabling fingerprinting and filtering technologies to differentiate legitimate uses